Progetto1
2024-12-02 00:53:01
(5 days ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
Anonymous
2024-11-30 21:49:35
(6 days ago)
Excessive crawling/scraping
Hacking
Brute-Force
gerensat
2024-11-05 05:48:06
(1 month ago)
2024-11-05 02:48:06 | /robots.txt | [] | LightspeedSystemsCrawler Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Web App Attack
MAGIC
2024-10-23 18:02:03
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-10-11 12:07:55
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-09-03 11:20:28
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 52.36.125.174 (ec2-52-36-125-174.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 07:20:24.038837 2024] [security2:error] [pid 6211:tid 6211] [client 52.36.125.174:29573] [client 52.36.125.174] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.5degrees-eg.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.5degrees-eg.com"] [uri "/[email protected] "] [unique_id "Ztbw-EwAPBoREJ0b5ZxQ5gAAABQ"], referer: http://5degrees-eg.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-02 18:04:21
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 52.36.125.174 (ec2-52-36-125-174.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 02 14:04:14.892392 2024] [security2:error] [pid 3053217:tid 3053217] [client 52.36.125.174:65427] [client 52.36.125.174] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.accordionstars.com|F|2"] [data ".accordionfactory.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.accordionstars.com"] [uri "/www.accordionfactory.com"] [unique_id "ZtX-Hqu39pLYD0eLAcBFHQAAAAk"], referer: http://accordionstars.com
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-16 13:19:02
(3 months ago)
Malicious activity detected
Hacking
Web App Attack
AvonleaConsulting
2024-07-31 06:53:34
(4 months ago)
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
Bad Web Bot
Web App Attack
spyra.rocks
2024-06-27 02:30:58
(5 months ago)
NGINX
Bad Web Bot
TPI-Abuse
2024-06-06 22:43:50
(6 months ago)
(mod_security) mod_security (id:225170) triggered by 52.36.125.174 (ec2-52-36-125-174.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 06 18:43:45.492962 2024] [security2:error] [pid 27973:tid 47510893782784] [client 52.36.125.174:31545] [client 52.36.125.174] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pref-realestate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pref-realestate.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZmI7oa_RwItHHJPrBgzPmgAAAMc"], referer: https://pref-realestate.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-20 16:27:48
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 52.36.125.174 (ec2-52-36-125-174.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 20 12:27:41.874627 2024] [security2:error] [pid 4049349:tid 47724405724928] [client 52.36.125.174:21878] [client 52.36.125.174] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.baggymaggy.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.baggymaggy.com"] [uri "/[email protected] "] [unique_id "Zkt5_TL6t7ieyxPXUihvpwAAAZQ"], referer: http://baggymaggy.com
Brute-Force
Bad Web Bot
Web App Attack
psauxit
2024-04-27 04:28:05
(7 months ago)
Fail2Ban - NGINX heavily bad-bot, possible vulnerability scanning and excessive crawling/scraping
Web Spam
Hacking
Bad Web Bot
Web App Attack
MAGIC
2024-04-26 07:00:27
(7 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-04-23 09:17:37
(7 months ago)
Malicious activity detected
Hacking
Web App Attack